Lab 22: EIGRP Authentication

1. Lab Objective

This lab teaches how to configure and debug authentication for the EIGRP routing protocol.

2. Lab Topology

The lab topology is as shown.

3. Lab Steps

The configurations of r0, r1, and r2 are as follows:
r0(config)#no ip do loo

r0(config)#lin  c 0

r0(config-line)#logg s

r0(config-line)#exec-t 00

r0(config-line)#exit

r0(config)#int s0/0

r0(config-if)#ip add 172.16.1.1 255.255.255.0

r0(config-if)#no sh

r0(config-if)#exit

r0(config)#router

*Mar  1 00:03:15.823: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

*Mar  1 00:03:16.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r0(config)#router eigrp 1

r0(config-router)#no au

r0(config-router)#net 172.16.1.0 255.255.255.0

r0(config-router)#  

*Mar  1 00:03:42.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down

r0(config-router)#

*Mar  1 00:04:12.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r0(config-router)#

*Mar  1 00:04:30.795: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.2 (Serial0/0) is up: new adjacency

r0(config-router)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/24 is subnetted, 2 subnets

C       172.16.1.0 is directly connected, Serial0/0

D       172.16.2.0 [90/2681856] via 172.16.1.2, 00:00:18, Serial0/0

r0(config-router)#exit

r0(config)#key chain haojian

r0(config-keychain)#key 1

r0(config-keychain-key)#key-string cisco

r0(config-keychain-key)#exit

r0(config-keychain)#exit

r0(config)#int s0/0

r0(config-if)#ip auth

r0(config-if)#ip authentication ?

  key-chain  key-chain

  mode       mode

 

r0(config-if)#ip authentication  mode ?

  eigrp  Enhanced Interior Gateway Routing Protocol (EIGRP)

 

r0(config-if)#ip authentication  mode eigrp 1 ?   

  md5  Keyed message digest

 

r0(config-if)#ip authentication  mode eigrp 1 md5

r0(config-if)#ip a

*Mar  1 00:06:57.467: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.2 (Serial0/0) is down: authentication mode changed

r0(config-if)#ip authentication key-chain?

key-chain 

 

r0(config-if)#ip authentication key-chain cisco

                                          ^

% Invalid input detected at '^' marker.

 

r0(config-if)#ip authentication key-chain cisco?

% Unrecognized command

r0(config-if)#ip authentication key-chain eigrp 1 cisco

r0(config-if)#do sh ip pro

Routing Protocol is "eigrp 1"

  Outgoing update filter list for all interfaces is not set

  Incoming update filter list for all interfaces is not set

  Default networks flagged in outgoing updates

  Default networks accepted from incoming updates

  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

  EIGRP maximum hopcount 100

  EIGRP maximum metric variance 1

  Redistributing: eigrp 1

  EIGRP NSF-aware route hold timer is 240s

  Automatic network summarization is not in effect

  Maximum path: 4

  Routing for Networks:

    172.16.1.0/24

  Routing Information Sources:

    Gateway         Distance      Last Update

    172.16.1.2            90      00:06:48

  Distance: internal 90 external 170

 

r0(config-if)#do ping 172.16.2.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

r0(config-if)#do sh ip eigrp int detail

IP-EIGRP interfaces for process 1

 

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending

Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes

Se0/0              0        0/0         0       0/15         215           0

  Hello interval is 5 sec

  Next xmit serial <none>

  Un/reliable mcasts: 0/0  Un/reliable ucasts: 2/3

  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 2

  Retransmissions sent: 0  Out-of-sequence rcvd: 0

  Authentication mode is md5,  key-chain is "cisco"

  Use unicast
This shows that authentication is configured.

r0(config-if)#do wr

Building configuration...

[OK]

r0(config-if)#do sh ip eigrp nei

IP-EIGRP neighbors for process 1

r0(config-if)#
r0(config-if)#do debug eigrp packets // lab debugging

EIGRP Packets debugging is on

    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)

r0(config-if)#

*Mar  1 00:29:51.651: EIGRP: Serial0/0: ignored packet from 172.16.1.2, opcode = 5 (missing authentication)

r0(config-if)#

*Mar  1 00:29:53.619: EIGRP: interface Serial0/0, No live authentication keys

*Mar  1 00:29:53.619: EIGRP: Sending HELLO on Serial0/0

*Mar  1 00:29:53.619:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

r0(config-if)#

*Mar  1 00:29:56.191: EIGRP: Serial0/0: ignored packet from 172.16.1.2, opcode = 5 (missing authentication)

r0(config-if)#

*Mar  1 00:29:58.147: EIGRP: interface Serial0/0, No live authentication keys

*Mar  1 00:29:58.147: EIGRP: Sending HELLO on Serial0/0

*Mar  1 00:29:58.147:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

r0(config-if)#

*Mar  1 00:30:01.179: EIGRP: Serial0/0: ignored packet from 172.16.1.2, opcode = 5 (missing authentication)

r0(config-if)#

*Mar  1 00:30:02.807: EIGRP: interface Serial0/0, No live authentication keys

*Mar  1 00:30:02.807: EIGRP: Sending HELLO on Serial0/0

*Mar  1 00:30:02.807:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

r0(config-if)#

*Mar  1 00:30:05.935: EIGRP: Serial0/0: ignored packet from 172.16.1.2, opcode = 5 (missing authentication)

r0(config-if)#do 

*Mar  1 00:30:07.291: EIGRP: interface Serial0/0, No live authentication keys

*Mar  1 00:30:07.291: EIGRP: Sending HELLO on Serial0/0

*Mar  1 00:30:07.291:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

r0(config-if)#do un all

All possible debugging has been turned off

r0(config-if)#

*Mar  1 00:30:10.275: EIGRP: Serial0/0: ignored packet from 172.16.1.2, opcode = 5 (missing authentication)

r0(config-if)#

 

 

 

 

 

 

r1(config)#no ip do loo

r1(config)#lin c 0

r1(config-line)#logg s

r1(config-line)#exec-t 00

r1(config-line)#exit

r1(config)#int s0/0

r1(config-if)#ip add 172.16.1.2 255.255.255.0

r1(config-if)#no sh

r1(config-if)#exit

r1(config)#itn 

*Mar  1 00:03:58.723: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

*Mar  1 00:03:59.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to u

r1(config)#int s0/1

r1(config-if)#ip add 172.16.2.1 255.255.255.0

r1(config-if)#no sh

r1(config-if)#exit

r1(config)#router e

*Mar  1 00:04:15.195: %LINK-3-UPDOWN: Interface Serial0/1, changed state to up

*Mar  1 00:04:16.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up

r1(config)#router eigrp 1

r1(config-router)#no au

r1(config-router)#net 172.16.1.0 255.255.255.0

r1(config-router)#net

*Mar  1 00:04:30.499: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is up: new adjacency

r1(config-router)#net 172.16.2.0 255.255.255.0

r1(config-router)#no sh

                     ^

% Invalid input detected at '^' marker.

 

r1(config-router)#

*Mar  1 00:04:38.963: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.2 (Serial0/1) is up: new adjacency

r1(config-router)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/24 is subnetted, 2 subnets

C       172.16.1.0 is directly connected, Serial0/0

C       172.16.2.0 is directly connected, Serial0/1

r1(config-router)#

*Mar  1 00:06:57.119: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is down: Interface Goodbye received

r1(config-router)#

*Mar  1 00:07:01.607: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is up: new adjacency

r1(config-router)#exit

r1(config)#key-chain haojian

              ^

% Invalid input detected at '^' marker.

 

r1(config)#key chain ha

*Mar  1 00:08:21.119: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is down: retry limit exceeded

r1(config)#key chain haojian

r1(config-keychain)#

*Mar  1 00:08:24.607: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is up: new adjacency

r1(config-keychain)#key 1

r1(config-keychain-key)#key-string cisco

r1(config-keychain-key)#exit

r1(config-keychain)#exit

r1(config)#int s0/0

r1(config-if)#ip authencation mode eigrp 1 md5

                       ^

% Invalid input detected at '^' marker.

 

r1(config-if)#ip authentication mode eigrp 1 md5

r1(config-if)#

*Mar  1 00:09:26.683: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is down: authentication mode changed

r1(config-if)#ip au

r1(config-if)#ip authentication key-chain eigrp 1 cisco

r1(config-if)#do ping 172.16.1.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/24/48 ms

r1(config-if)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/24 is subnetted, 2 subnets

C       172.16.1.0 is directly connected, Serial0/0

C       172.16.2.0 is directly connected, Serial0/1

r1(config-if)#do sh ip pro

Routing Protocol is "eigrp 1"

  Outgoing update filter list for all interfaces is not set

  Incoming update filter list for all interfaces is not set

  Default networks flagged in outgoing updates

  Default networks accepted from incoming updates

  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

  EIGRP maximum hopcount 100

  EIGRP maximum metric variance 1

  Redistributing: eigrp 1

  EIGRP NSF-aware route hold timer is 240s

  Automatic network summarization is not in effect

  Maximum path: 4

  Routing for Networks:

    172.16.1.0/24

    172.16.2.0/24

  Routing Information Sources:

    Gateway         Distance      Last Update

  Distance: internal 90 external 170

 

r1(config-if)#exit

r1(config)#int s0/1

r1(config-if)#ip auth     

r1(config-if)#ip authentication mode eigrp 1 md5

r1(config-if)#ip au

*Mar  1 00:13:21.979: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.2 (Serial0/1) is down: authentication mode changed

r1(config-if)#ip au

r1(config-if)#ip authentication key-chain eigrp 1 cisco

r1(config-if)#do sh ip itn b

sh ip itn b

       ^

% Invalid input detected at '^' marker.

 

r1(config-if)#do sh ip int b

Interface                  IP-Address      OK? Method Status                Protocol

Serial0/0                  172.16.1.2      YES manual up                    up     

Serial0/1                  172.16.2.1      YES manual up                    up     

Serial0/2                  unassigned      YES unset  administratively down down   

Serial0/3                  unassigned      YES unset  administratively down down   

r1(config-if)#do ping 172.16.2.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/24/44 ms

r1(config-if)#do sh ip eigrp int detail

IP-EIGRP interfaces for process 1

 

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending

Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes

Se0/0              0        0/0         0       0/15          50           0

  Hello interval is 5 sec

  Next xmit serial <none>

  Un/reliable mcasts: 0/0  Un/reliable ucasts: 0/35

  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 2

  Retransmissions sent: 29  Out-of-sequence rcvd: 0

  Authentication mode is md5,  key-chain is "cisco"

  Use unicast

Se0/1              0        0/0         0       0/15         383           0

  Hello interval is 5 sec

  Next xmit serial <none>

  Un/reliable mcasts: 0/0  Un/reliable ucasts: 0/4

  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 2

  Retransmissions sent: 1  Out-of-sequence rcvd: 0

  Authentication mode is md5,  key-chain is "cisco"

  Use unicast

r1(config-if)#do wr

Building configuration...

[OK]

r1(config-if)#do sh ip eigrp neig 

IP-EIGRP neighbors for process 1

r1(config-if)#do sh key chain

Key-chain haojian:

    key 1 -- text "cisco"

        accept lifetime (always valid) - (always valid) [valid now]

        send lifetime (always valid) - (always valid) [valid now]

r1(config-if)#

 

 

 

 

 

 

 

 

r2(config)#no ip do loo

r2(config)#lin c 0

r2(config-line)#logg s

r2(config-line)#exec-t 00

r2(config-line)#exit

r2(config)#exit

r2#

*Mar  1 00:02:10.995: %SYS-5-CONFIG_I: Configured from console by console

r2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

r2(config)#int s0/0

r2(config-if)#ip add 172.16.2.2 255.255.255.0

r2(config-if)#no sh

r2(config-if)#

*Mar  1 00:02:32.635: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

*Mar  1 00:02:33.635: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r2(config-if)#exit

r2(config)#router eigrp 1

r2(config-router)#net 172.16.2.0 255.255.255.0

r2(config-router)#no au

r2(config-router)#

*Mar  1 00:03:02.615: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down

r2(config-router)#

*Mar  1 00:04:22.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r2(config-router)#

*Mar  1 00:04:38.583: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.1 (Serial0/0) is up: new adjacency

r2(config-router)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/24 is subnetted, 2 subnets

D       172.16.1.0 [90/2681856] via 172.16.2.1, 00:00:34, Serial0/0

C       172.16.2.0 is directly connected, Serial0/0

r2(config-router)#

*Mar  1 00:13:21.655: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.1 (Serial0/0) is down: Interface Goodbye received

r2(config-router)#

*Mar  1 00:13:26.551: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.1 (Serial0/0) is up: new adjacency

r2(config-router)#exit

r2(config)#key chain haojian

r2(config-keychain)#key 1

r2(config-keychain-key)#key-string cisco

r2(config-keychain-key)#exit

r2(config-keychain)#exit

r2(config)#int s0/0

r2(config-if)#ip au

r2(config-if)#ip authentication mode eigrp 1 md5

r2(config-if)#ip au

*Mar  1 00:14:36.863: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.1 (Serial0/0) is down: authentication mode changed

r2(config-if)#ip au

r2(config-if)#ip authentication key-chain eigrp 1 cisco

r2(config-if)#do ping 172.16.1.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

r2(config-if)#do sh ip int b

Interface                  IP-Address      OK? Method Status                Protocol

Serial0/0                  172.16.2.2      YES manual up                    up     

Serial0/1                  unassigned      YES unset  administratively down down   

Serial0/2                  unassigned      YES unset  administratively down down   

Serial0/3                  unassigned      YES unset  administratively down down   

r2(config-if)#do ping 172.16.1.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

r2(config-if)#do sh ip eigrp int detail

IP-EIGRP interfaces for process 1

 

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending

Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes

Se0/0              0        0/0         0       0/15          50           0

  Hello interval is 5 sec

  Next xmit serial <none>

  Un/reliable mcasts: 0/0  Un/reliable ucasts: 1/19

  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 3

  Retransmissions sent: 15  Out-of-sequence rcvd: 1

  Authentication mode is md5,  key-chain is "cisco"

  Use unicast

r2(config-if)#do wr

Building configuration...

[OK]

r2(config-if)#
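Note: what happens when one end of a link has authentication enabled and the other end does not, and when the key in the key chain is incorrect? Readers can try this for themselves.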
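
In the sessions above the key chain is defined as haojian, yet the interface commands name key-chain cisco (the key-string value), and the debug output on r0 reports "No live authentication keys". The Python audit below is an added example, not part of the original lab. It flags an interface whose EIGRP key-chain reference does not resolve to a defined key chain; R0_CONFIG is a constructed, unabbreviated form of the commands typed on r0, and the function name audit_eigrp_auth is an assumption of this example.

```python
import re

# Constructed sample: r0's authentication commands from this lab, unabbreviated.
R0_CONFIG = """\
key chain haojian
 key 1
  key-string cisco
!
interface Serial0/0
 ip address 172.16.1.1 255.255.255.0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 cisco
"""

MODE = re.compile(r"ip authentication mode eigrp (\d+) md5$")
CHAIN = re.compile(r"ip authentication key-chain eigrp (\d+) (\S+)$")

def audit_eigrp_auth(config):
    """Return (interface, problem) pairs for broken EIGRP MD5 settings."""
    chains = {}   # key chain name -> count of keys that carry a key-string
    ifaces = {}   # interface -> {"mode": {AS, ...}, "chain": {AS: name}}
    chain = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):       # a top-level line ends the sub-mode
            chain = iface = None
        if line.startswith("key chain "):
            chain = line.split()[2]
            chains.setdefault(chain, 0)
        elif chain and line.startswith("key-string "):
            chains[chain] += 1
        elif line.startswith("interface "):
            iface = line.split()[1]
            ifaces[iface] = {"mode": set(), "chain": {}}
        elif iface and (m := MODE.match(line)):
            ifaces[iface]["mode"].add(m.group(1))
        elif iface and (m := CHAIN.match(line)):
            ifaces[iface]["chain"][m.group(1)] = m.group(2)
    findings = []
    for name, cfg in ifaces.items():
        for asn in sorted(cfg["mode"] | set(cfg["chain"])):
            ref = cfg["chain"].get(asn)
            if asn not in cfg["mode"]:
                findings.append((name, f"AS {asn}: key chain set, md5 mode missing"))
            elif ref is None:
                findings.append((name, f"AS {asn}: md5 mode set, no key chain"))
            elif ref not in chains:
                findings.append((name, f"AS {asn}: key chain '{ref}' is not defined"))
            elif chains[ref] == 0:
                findings.append((name, f"AS {asn}: key chain '{ref}' has no key-string"))
    return findings

if __name__ == "__main__":
    for finding in audit_eigrp_auth(R0_CONFIG):
        print(*finding, sep=": ")
```

Running the same audit on a configuration whose interface line references haojian instead of cisco returns no findings.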